Bug #51093: Create database "databaseName" not escaped ... - Core - TYPO3 Forge

Core Indexed Search Linkvalidator Release Cycles Team Resources Workspaces & Versioning TYPO3 CMS Usability Team Community Extensions Distributions Feature-Requests TYPO3 6.2 Projects (+)(Archived Projects)

Bug #51093

Task #49162: Rewrite install tool

Create database "databaseName" not escaped ...

Added by Christian Kuhn almost 2 years ago. Updated 21 days ago.

Status:

New

Start date:

2013-08-15

Priority:

Must have

Due date:

Assigned To:

% Done:

Category:

7 Install Improvements

Spent time:

Target version:

7.4 (Backend)

TYPO3 Version:

6.2

Is Regression:

PHP Version:

5.4

Sprint Focus:

Complexity:

easy

Description

This might fail with "-" sign in database name and is also a possible sqli?

6.2 only, TYPO3\CMS\Install\Controller\Action\Step\DatabaseSelect

History

#1 Updated by Nicole Cordes almost 2 years ago

Is Regression set to No

This can't be handly by dbal so we should not support it in the install tool.

#2 Updated by Mathias Schreiber 7 months ago

Target version changed from next-patchlevel to 7.4 (Backend)

#3 Updated by Susanne Moog 21 days ago

Category changed from Install Tool to 7 Install Improvements

Also available in: Atom PDF

Core

Issues

Custom queries